All versions of GNU Zebra, and all versions of Quagga (which was forked
from GNU Zebra) prior to 0.96.4, are vulnerable to a remotely
triggerable denial of service.

Scope of vulnerability:
-----------------------

All versions of GNU Zebra and all versions of Quagga /prior/ to
0.96.4, where a daemon's vty (i.e. its telnet CLI) is reachable by
hostile parties.

Impact:
-------

Affected daemons can be made to crash by sending a single malformed
telnet command sequence to the vty. The vty password offers no
protection, since telnet option negotiation is handled before the
login prompt.

Description:
------------

The vty layer, when it processes the telnet end-of-sub-negotiation
marker (IAC SE), does not check whether a sub-negotiation is actually
in progress. It therefore acts on the sub-negotiation buffer pointer,
which is (typically) still NULL at that point, and the dereference
crashes the daemon.
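The missing check, shown as an added illustration rather than Quagga's or GNU Zebra's own code: a small telnet input state machine of the kind a vty layer runs, whose end-of-sub-negotiation handler refuses to touch the buffer when no IAC SB opened one. The struct and function names, the NAWS (window size) use of the buffer, the buffer sizes and the byte sequences in the comments are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Telnet protocol bytes (RFC 854/855); NAWS (window size) is RFC 1073. */
#define TELNET_SE   240
#define TELNET_SB   250
#define TELNET_WILL 251
#define TELNET_DONT 254
#define TELNET_IAC  255
#define TELOPT_NAWS 31

enum vty_tstate {
  VTY_NORMAL = 0, /* plain command-line bytes */
  VTY_IAC,        /* saw IAC, next byte is a command */
  VTY_IAC_OPT,    /* saw IAC WILL/WONT/DO/DONT, next byte is the option */
  VTY_SB,         /* inside IAC SB ..., collecting subnegotiation bytes */
  VTY_SB_IAC      /* inside subnegotiation, saw IAC: expect SE or IAC */
};

/* Hypothetical, simplified session state; not Quagga's own struct vty. */
struct vty {
  enum vty_tstate state;
  unsigned char *sbbuf;       /* NULL until IAC SB opens a subnegotiation */
  size_t sblen;
  unsigned char storage[64];  /* backing store that sbbuf points into */
  unsigned char line[128];    /* accumulated command-line input */
  size_t linelen;
  int width, height;          /* terminal size learnt from NAWS */
  unsigned sb_completed;      /* complete SB ... SE blocks processed */
  unsigned stray_se;          /* SE markers dropped because no SB was open */
};

static void vty_init(struct vty *vty) { memset(vty, 0, sizeof *vty); }

static void vty_put_line(struct vty *vty, unsigned char c) {
  if (vty->linelen < sizeof vty->line) vty->line[vty->linelen++] = c;
}

static void vty_sb_put(struct vty *vty, unsigned char c) {
  if (vty->sblen < sizeof vty->storage) vty->sbbuf[vty->sblen++] = c;
}

/* End of subnegotiation. The bug the advisory describes is the absence of
 * the first check: SE was acted on without confirming an SB had opened a
 * subnegotiation, so the still-NULL buffer pointer was dereferenced. */
static int vty_telnet_sb_end(struct vty *vty) {
  if (vty->sbbuf == NULL) {   /* no subnegotiation in progress: drop the SE */
    vty->stray_se++;
    return 0;
  }
  if (vty->sblen >= 5 && vty->sbbuf[0] == TELOPT_NAWS) {
    vty->width  = (vty->sbbuf[1] << 8) | vty->sbbuf[2];
    vty->height = (vty->sbbuf[3] << 8) | vty->sbbuf[4];
  }
  vty->sb_completed++;
  vty->sbbuf = NULL;          /* close the subnegotiation */
  vty->sblen = 0;
  return 1;
}

/* Run raw socket bytes through the telnet state machine; returns how many
 * of them were plain data appended to vty->line. */
static size_t vty_telnet_feed(struct vty *vty, const unsigned char *buf, size_t len) {
  size_t i, data = 0;
  for (i = 0; i < len; i++) {
    unsigned char c = buf[i];
    switch (vty->state) {
    case VTY_NORMAL:
      if (c == TELNET_IAC) vty->state = VTY_IAC;
      else { vty_put_line(vty, c); data++; }
      break;
    case VTY_IAC:
      vty->state = VTY_NORMAL;
      if (c == TELNET_IAC) { vty_put_line(vty, c); data++; }       /* escaped 0xFF */
      else if (c >= TELNET_WILL && c <= TELNET_DONT) vty->state = VTY_IAC_OPT;
      else if (c == TELNET_SB) { vty->sbbuf = vty->storage; vty->sblen = 0; vty->state = VTY_SB; }
      else if (c == TELNET_SE) vty_telnet_sb_end(vty); /* bare IAC SE arrives here, sbbuf NULL */
      /* NOP, AYT and other commands are ignored */
      break;
    case VTY_IAC_OPT:
      vty->state = VTY_NORMAL;  /* option byte consumed; negotiation itself not modelled */
      break;
    case VTY_SB:
      if (c == TELNET_IAC) vty->state = VTY_SB_IAC;
      else vty_sb_put(vty, c);
      break;
    case VTY_SB_IAC:
      vty->state = VTY_SB;
      if (c == TELNET_SE) { vty_telnet_sb_end(vty); vty->state = VTY_NORMAL; }
      else if (c == TELNET_IAC) vty_sb_put(vty, c);   /* IAC IAC is a literal 0xFF */
      /* any other command inside SB is a protocol error; it is dropped */
      break;
    }
  }
  return data;
}
```

A bare IAC SE (bytes 0xFF 0xF0) is the trigger the advisory describes: fed to `vty_telnet_feed` on a fresh session it is counted in `stray_se` and nothing is dereferenced, whereas a proper IAC SB NAWS ... IAC SE block is parsed normally. Deleting the `sbbuf == NULL` check reproduces the crash.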

Workaround:
-----------

Restrict access to each daemon's telnet CLI, either by configuring
each daemon's vty with an appropriate access-class that references an
access-list of trusted hosts, or by filtering the vty ports with an
external firewall.
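The access-class workaround above, as an added example in Quagga's own configuration syntax (not taken from the advisory or from the Quagga project); the prefixes and the list name vty-trusted are assumptions chosen for illustration. The same fragment belongs in each affected daemon's configuration file (zebra.conf, bgpd.conf, and so on), since every daemon runs its own vty:

```text
! Hosts allowed to reach this daemon's vty; everything else is refused.
access-list vty-trusted permit 127.0.0.0/8
access-list vty-trusted permit 192.0.2.0/24
access-list vty-trusted deny any
!
line vty
 access-class vty-trusted
```

The access-class is applied when the TCP connection is accepted, so a rejected host never reaches the telnet layer where the SE handling lives, which is why it is an effective stop-gap for this bug. With default settings the vtys listen on all addresses at TCP 2601 (zebra), 2602 (ripd), 2603 (ripngd), 2604 (ospfd), 2605 (bgpd) and 2606 (ospf6d); an external firewall rule should cover that whole range, and each daemon's -A/--vty_addr option can additionally bind its vty to a single address such as 127.0.0.1.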

The Red Hat advisory references a second vulnerability in GNU Zebra
and Quagga, regarding the zebra daemon accepting netlink messages
from any user. That vulnerability will be dealt with as soon as
possible.